SPARK Releases Updated Data Security Best Practices

The SPARK Institute released Monday its Plan Sponsor & Advisor Guide to Cybersecurity, laying out its specific data security “Best Practices and seventeen Control Objectives.”

Developed by its Data Security Oversight Board, SPARK’s best practices and control objectives establish a base of communications between recordkeepers and the public through third-party audits of cybersecurity control objectives, according to a press release.

“Plan sponsors have an important role in working with service providers so that they have controls in place that are following cybersecurity best practices. The revised SPARK Data Security reporting standard helps in that regard,” said Dennis Lamm, a SPARK DSOB member and Fidelity Investments senior vice president and head of customer protection, in the release. “SPARK’s retirement industry cybersecurity leaders drew on their deep expertise in an unprecedented collaborative effort to come up with an action plan to help recordkeepers communicate the full capabilities of their cybersecurity systems to plan consultants, clients and prospects.”

SPARK Institute executive director Tim Rouse said the control objectives are consistent with and in alignment with the Department of Labor Cybersecurity Program Best Practices released last year.

“They also satisfy the requirements for Reliable Annual Third-Party Audit of Security Controls for recordkeepers,” Rouse said. “From recent surveys of members, all DSOB members developed controls that build on current industry guidance and practices in an effort to better protect retirement assets against criminal cyber activity and enable plan sponsors and advisors better manage their fiduciary responsibility.”

More information on the updates can be found on the SPARK Institute website.